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Introduction 

A few years ago, many companies started providing remote access to their computers and servers using Microsoft’s proprietary Remote 
Desktop Protocol (RDP). Since then, Microsoft has come a long way, developing Microsoft Remote Desktop Services (RDS) to facilitate 
remote desktop access. This white paper highlights the pain points of RDS solutions and how systems administrators can use Parallels® 
Remote Application Server (RAS) to enhance their Microsoft RDS infrastructure to provide the functionality users need to be more 
productive. 


Overview of Microsoft Remote Desktop Services 

Formerly known as Terminal Services, Microsoft RDS consists of several tools and services that allow businesses to build an application 
and virtual desktop delivery solution for their users. In recent years, Microsoft has made considerable improvements in RDS, mainly 

in their latest versions RDS 2016 and RDS 2019. These have several enhancements when it comes to the user experience, security, 
management and cloud deployments on Microsoft Azure. However, Microsoft RDS has certain features that could use improvement. 


Depending on the environment and business requirements, Microsoft RDS can be set up either as session host, which is commonly 
used for publishing applications (RemoteApp), or as a virtualization host, commonly used for publishing desktops and virtual desktop 
infrastructure (VDI). Microsoft RDS is based on a suite of different server role services, mainly consisting of the following: 


Remote Desktop Session Host - The server that hosts Windows-based programs or the full Windows desktop for remote 
access. 


Remote Desktop Virtualization Host - An RD Virtualization Host that integrates with Microsoft Hyper-V to provide virtual 
machines (VMs). 


Remote Desktop Connection Broker — This is the central server of the infrastructure. Principle functions include assigning 
users to remote desktops and applications or load balancing incoming sessions. 


Remote Desktop Web Access - This server enables users to access the RemoteApp and Desktop Connections through the 
Start menu on a computer or through a web browser. 


Remote Desktop Gateway - This server enables authorized remote users to connect to resources on an internal corporate 
network, from any Internet connected compatible device. 


Remote Desktop Licensing — The server that manages the client access licenses. Microsoft RDS 2019 introduces several 
enhancements in the Licensing Servers management, which also implicitly can be applied to RAS deployments: 


e Forward compatibility for future versions of Windows Server to enable easier management of licenses from different 
RDS releases. 


e RDS user Client Access Licenses (CALs) update without direct AD connectivity requirements. 


e A high availability configuration may be provided to the RD Licensing Role with a SQL Database. 


Microsoft RDS Pain Points 


Limited Load Balancing Functionality - The Remote Desktop Connection Broker manages the distribution of connections between 
the different servers in the farm. The technology is very limited because it only distributes the connections based on session count and 
server weight. 


Limited Load Balancing of Gateways - Network Load Balancing or DNS Round Robin can be used to load balance the network traffic, 
though none of them track the health of the gateway service and NLB has to be installed and configured separately. To achieve true load 
balancing, Azure Load Balancer or a third-party solution is required. 
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Problematic and Restrictive Version Interoperability — One of the biggest problems of Microsoft RDS is compatibility issues among 
different role services. For instance, Windows Server 2016 is just backward compatible with a few components. Also, all Session Hosts and Connection 
Brokers servers need to be running the same OS version, and the License Server must be using the same OS version as the RD Session Host. 


Upgrade Limitations - Upgrades are limited and may require reinstallation of certain roles in a specific order. For upgrades from 
Windows 2012 to 2012 R2, all Microsoft RDS roles can be upgraded in place. However, upgrades to Windows Server 2016 or 2019 are 
supported only from Windows Server 2012 R2 and Windows Server 2016 TP5. On Azure, in-place upgrades are not supported. 


Limited Client Device Support — Remote Desktop client is only available for Windows, iOS, Mac, and Android. Microsoft RDS does not 
have a Linux client, so the only option for IT administrators looking for wider client support is to use third-party solutions. 


Mobile Devices - Microsoft RDS implements limited configurations to enhance the mobile user experience. HTML5 accesses are only 
supported in latest versions (2016 or 2019) and certain predefined conditions are required, such as per-user client access licenses or 
public trusted certificates for the RD Gateway and RD Web Access roles. 


Client Management — RD Gateway needs to be integrated with Network Policy Server (NPS) in order to filter incoming connections. NPS 
is acomplex operating system role that needs to be analyzed and configured properly. Microsoft does not natively manage RDS clients. 
If client configuration is required, additional software such as System Center configuration Manager may be required. 


Difficult to Scale Up - To scale up a Microsoft RDS infrastructure or configure load balancing and high availability features, 
administrators have to install and configure additional software components such as Microsoft NLB, Failover Cluster and Microsoft SQL, 
most of which are available at an additional cost. 


VDI Deployment Limitations — Windows Server RD Virtualization Host servers support only Enterprise version as guest OSs. 
Additionally, Hyper-V is the only supported hypervisor. 


Reporting and Monitoring — Microsoft does not include out-of-the-box dedicated reports or monitoring solutions for RDS setups. 
Administrators can use performance monitors or integrate their RDS solution with Operation Management Suite (OMS) or any third-party 
monitoring solution which implies additional costs. 


Multifactor Authentication (MFA) — MFA for RDS needs to be configured through the Network Policy Server (NPS) extension for 
Microsoft Azure. This means additional server role installation and configuration which adds setup and management complexity. 


On-Premises, Hybrid and Cloud Deployments - Microsoft is focusing their new RDS versions and features only for cloud setups. 
Windows Virtual Desktop or ARM Templates for Remote Desktop Services are only available in Azure. Businesses whose virtualization 
solution must run on their company datacenter will not be able to use the complete set of the product functionalities. 


How Parallels RAS Enhances Your Microsoft RDS Infrastructure 


Parallels Remote Application Server (RAS) is an application and virtual desktop delivery solution that allows systems administrators to 
create a private cloud from which it’s possible to centrally manage the delivery of all applications, virtual desktops and business-critical 
data on the infrastructure. Parallels RAS is well-known for its ease of use, low license costs and features list. This section highlights some 
of the enhancements Parallels RAS offers when used in conjunction with Microsoft RDS. Even in the early stages of planning, Parallels 
RAS has a lot to offer. It allows businesses to set up an application and virtual desktop delivery solution in just a few minutes, thanks to 
the following features. 


Easy to Install and Set Up 


Simple Wizard-Based Installation — Straightforward process for an “all-in-one” solution. The default setup is tailored to help 
businesses get started easily with configured SSL certificates, remote access and fully enabled HTML5 support. Thanks to intuitive 
software, even junior IT personnel can build a complete setup within a couple of minutes—without requiring any training. QuickStart 
wizards guide the administrator through configuring terminal servers, publishing applications and inviting users to connect. 
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Straightforward Licenses - Parallels RAS licensing is priced per concurrent user. All the components needed to build a scalable and 
high-availability application and virtual desktop solution are included in the license. 


Centralized Configuration Console and Auditing - To manage, monitor and scale up the Parallels RAS farm, systems administrators 
just use the Parallels RAS Console. Even when installing new components or configuring a multisite environment, systems administrators 
do not need to log in to other remote servers; everything can be done from the central console. All the changes and actions of every 
Parallels RAS administrator will be centrally recorded in the auditing log. 


Auto-Configuration of Remote Desktop Session Hosts — Systems administrators do not have to install and configure any server 
roles. Parallels RAS automatically installs the needed server roles (such as the Remote Desktop Session Host) on the servers from where 
applications and desktops are published. 


Easy Management of Remote Desktop Session Hosts (RDSH) and Sessions - In Parallels RAS, administrators can schedule reboots 
or temporarily disable a server or a group of servers, making it much easier to maintain the servers or upgrade applications. 


Built-In Automation Capabilities — Parallels RAS includes different pre-configured optimizations that can be automatically applied to 
different server types to ensure an efficient and improved delivery of applications and desktops, thus complementing the auto-scaling 
and auto-provisioning features. In addition, Parallels RAS includes PowerShell and REST APIs to provide organizations the capability to 
automate the provisioning of new resources for their Parallels RAS infrastructure over both on-premise and cloud environments. 


Unified Windows Virtual Desktops Integration — In September 2019, Microsoft released Windows Virtual Desktop, a proprietary 
desktop and app virtualization service and, later on (Spring 2020), this service was completely integrated into Microsoft Azure. Windows 
Virtual Desktop provides several benefits such as delivering pooled Windows 10 Enterprise multi-session desktops, image provisioning 
from the Azure Gallery or personal (persistent) desktop delivery. Parallels RAS extends Windows Virtual Desktop capabilities by 
integrating and configuring all virtual workloads and resources from a centralized console. 


FSLogix Profile Containers Integration — FSLogix Profile Containers can be centrally deployed, configured and managed from the 
Parallels RAS Console. 


Application Publishing and Delivery 


Parallels RAS uses Microsoft’s own Remote Desktop Protocol and Remote Desktop Services role to publish applications. Parallels RAS 
enhances these features through its own set of application publishing features and management tools, allowing systems administrators 
to provide a better experience for their users. With Parallels RAS, IT administrators are able to: 


e Publish applications that are installed in different paths on different servers, allowing them to publish any type of application, even 
if it is custom or legacy. Access to published applications can be verified prior to making the applications available to the end user, 
ensuring resources are available in the specified path. 


e An out-of-the-box installation of Parallels RAS load balances all incoming connections to the right RDSH resource based on server 
CPU load and memory usage, as well as the number of concurrent user sessions each server has. It redirects the new incoming 
connection to the least busy server, ensuring an optimum user experience. 


e High Availability Load Balancing (HALB) can distribute load among the Secure Client Gateways based on the resources available, 
making front-end access highly available and improving the user experience. Load balancing is available out of the box at no 
additional cost and without complex network configuration or dedicated hardware. Multiple HALB virtual servers can be configured 
with multiple virtual IPs in order to load balance traffic to different Secure Client Gateways on the same RAS Site; hence, 
administrators have the possibility to separate incoming connections based on the considerations that best fit their needs. 


e Monitor the usage of published applications and limit the number of instances or specify when a published application can be 
launched by users. 
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e Easily implement filtering rules to restrict access to published applications using a variety of criteria: user or group, MAC or 
IP address, client software, gateway and more. Parallels RAS also offers a complete client-policies solution that can be easily 
configured in the console. 


e Publish using Microsoft App-V. Parallels RAS has implemented Microsoft App-V application containers. App-V applications available 
on an RDSH host are shown for publishing within the Parallels RAS Console, without any additional configuration required. 


e Based on machine-learning techniques, Parallels RAS includes the session pre-launch feature to reduce application launch time, 
providing users with a better experience. Session prelaunch is available for Parallels Client over different platforms including 
Windows, Linux, macOS, Android and iOS. 


e Use RDSH auto-scaling, with an optimized number of Microsoft RDS Hosts based on user demand. Servers can be automatically 
provisioned or deprovisioned when the workload threshold is above or under a specified value. Full and linked clones are supported. 


e Parallels RAS enhances the standard RDP client drive redirection feature by adding a file-caching capability which accelerates the 
time of file and folder retrieval when users are interacting with their local drives. 


Virtual Desktop Infrastructure and Desktop Delivery 


On the VDI side, Parallels RAS supports templates created with the following versions of Windows as a guest OS: Windows 7, Windows 
8, Windows 8.1 and Windows 10. Through the integration with Windows Virtual Desktop, Windows 10 Enterprise multi-session is also 
supported. 


Systems administrators can use the customized Parallels version of Microsoft Sysprep—RASprep—to automatically prepare and 
configure virtual desktops. Compared to Sysprep, RASprep is faster, allowing a quicker deployment of VDI desktops. Parallels RAS also 
supports linked-clones technology; each deployed virtual machine shares virtual disks with the parent virtual machine in an ongoing 
manner. This allows multiple VMs to use the same software installation, saving disk space and provisioning time. 


Parallels RAS supports hypervisor-based VDI providers from VMware, Microsoft Hyper-V, Nutanix Acropolis and Scale Computing. 

This means that systems administrators can build a VDI solution using a wide range of technologies, because virtual machines can be 
delivered simultaneously from different platforms. Parallels RAS provides organizations the capability to configure the distribution of 

VDI and RD Session Host clones not only over central shared storage, but also over Microsoft Hyper-V hosts’ local disks. This feature 
provides a simple and cost-effective option for deploying clones because it does not depend on expensive storage solutions while at the 
same time maximizing local resource usage. 


User login grant-and-revoke procedures can be automatically managed by Parallels RAS, ensuring that users are accessing their 
desktops only through the Parallels RAS infrastructure. Administrators have full control of user sessions connected to the VDI 
environment. Apart from session management actions, such as disconnect or logoff, administrators can also view and manage each 
single process within user sessions. 


User profile persistence can be provided by either using User Profile Disks (UPD) or FSLogix Containers. UPD were introduced with 
Windows Server 2012 and have a few inherent disadvantages, such as single session restriction, meaning that a user utilizing UPD cannot 
be connected at the same time to multiple RDS Hosts. Many of these issues are solved by Microsoft’s FSLogix Profile Containers, which 
can be centrally managed within the Parallels RAS Console, both to automate the installation of the FSLogix Agent and to configure it for 
Windows Virtual Desktop, VDI and Remote Desktop Session Host workloads. FSLogix Containers are based on both the Server Message 
Block (SMB) protocol and the Virtual Hard Disk (VHD) format. Therefore, different storage solutions such as Storage Spaces Direct, Azure 
Files and Azure NetApp Files are supported. Profile Containers can also be used with Cloud Cache to create resilient and high availability 
environments. 


Administration Enhancements 


A modern web-based Management Portal allows administrators to manage, deploy and configure different Parallels RAS components 
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such as Remote Desktop Session Hosts, Secure Client Gateways and Publishing Agents. In addition, the Management Portal includes 
an overview of the Parallels RAS infrastructure, offering the possibility to perform troubleshooting and maintenance operations, such as 
reset or log-off user sessions. This way of working is ideal for certain IT operations, both for a company’s helpdesk service and for on- 
the-go administrators that need to be able to work from any device including mobile platforms. 


The Parallels RAS Console enables instant access to a predefined set of management tools, such as power management actions or network utilities 
to be run on any server in the Parallels RAS environment. In addition, custom tools can be included, speeding up required maintenance tasks. 


Administrators can configure specific permissions to delegate control and management of different Parallels RAS objects, such as 
infrastructure servers, RDSH servers, sessions or clients. This feature offers flexible management while keeping IT environments 
granularly secured. 


The Parallels RAS Console unifies the administration of Windows Virtual Desktop and other type of resources by providing organizations 
a single interface for their hybrid and multi-cloud deployments. As a result, organizations are able to centrally manage user sessions 
and devices, regardless of whether they are connecting to a cloud or an on-premise application or desktop. By using the Parallels 

RAS Console, enterprises can manage several Windows Virtual Desktop setups hosted under different Azure subscriptions, creating 
Workspaces or Host Pools and in turn defining any corresponding templates to be utilized. Complementarily, Parallels RAS built-in 
automation capabilities and its automated image optimizations allow companies to enhance and optimize their invested time when 
deploying Remote Desktop Session Hosts, VDI or Windows Virtual Desktop resources. 


Reporting and monitoring are vital tools for businesses to proactively enhance the performance of services and to optimize resolution 
times when users report problems or incidents. These tools allow management to keep track of employees’ productivity and allow 
administrators to monitor infrastructure usage, enabling them to plan ahead and ensure there are always enough resources. 


Parallels RAS includes built-in metrics to provide administrators a complete overview of user session details and a quantitative measure 
of the user experience. The “UX Evaluator” metric calculates the time elapsed between user interaction with a published resource and its 
corresponding response and, additionally, there are other important metrics such as login duration, logon breakdown, bandwidth usage, 
network latency and user connection flow. Defining appropriate thresholds for these metrics will help administrators to identify potential 
issues faster and more accurately. 


Once configured, systems administrators can use Parallels RAS reporting to generate a wide variety of reports, including user session 
activity, devices used, session activity on the server, server health reports and many more. Apart from a complete set of out-of-the-box 
reports, administrators can create custom reports, improving their daily maintenance and management activities. 


Support for a Wider Variety of Operating Systems and Mobile Devices 


End-user software deployment is one of the most problematic tasks for systems administrators when setting up an application delivery 
and virtual desktop solution. Parallels RAS users appreciate that Parallels client software can be installed on popular operating systems 
such as Windows, Mac and Linux. It can also be installed on any type of mobile device—such as popular Android and iOS phones— 
providing bring-your-own-device (BYOD) support out of the box. 


Parallels RAS provides a superior user experience on mobile devices. Administrators can create personalized keystroke shortcuts using 
the Parallels RAS Quick Keypad. Parallels Client includes three different mouse modes: Touch Mode, Dumbo and Pointer. For latest 
iPadOS devices, Parallels Client supports the use of a Bluetooth mouse or a trackpad, thus transforming your iPad nearly into a classic 
workstation and increasing end-user productivity. Application technology allows for conventional touch gestures in mobile devices—such 
as swipe, drag or zoom—to interact with published desktops and applications. 


Parallels RAS also has a “clientless” HTML5 Client. Users can access published applications and virtual desktops via the HTML5 Client 
by using any HTML5-compatible browser, such as Google Chrome, Firefox, Microsoft Edge or Internet Explorer. By using the HTML5 
Client, users can also upload files from their local device to the server running the published application by simply dragging and dropping 
the files. HTML5 Client also supports granular white-labeling customization. According to a company’s brand, separate themes can be 
created per user or group, providing each with a customized look and feel for the end users’ login portal. 
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On-Premises, Hybrid and Cloud Services 


A complete Parallels RAS setup can be deployed in Microsoft. Azure or other cloud computing platforms such as Amazon Web Services 
(AWS) or Google Cloud. In addition, when working with Microsoft Azure, predefined machine templates, cloning techniques and 
straightforward configuration wizards allow administrators to build a complete Parallels RAS environment within a short period of time. 
With Parallels RAS, companies can decide which configuration best fits their business requirements— on-premises, hybrid or cloud—and 
build a complete virtualization solution completely adjusted to their needs. 


Multifactor Authentication 


Companies may require multifactor authentication to access to their published resources. Parallels RAS is completely integrated with 
third-party security solutions such as DualShield, SafeNet, RADIUS, Azure Multi-Factor Authentication and Google Authenticator TOTP. 


Use Parallels RAS to Enhance Your Microsoft RDS Infrastructure 


As this white paper highlights, Parallels RAS allows you to enhance your Microsoft RDS infrastructure, enabling you to offer a superior 
application and virtual desktop delivery solution. 


Built around Microsoft’s RDP protocol, Parallels RAS allows systems administrators to do more in less time with fewer resources. Since 
it is easier to implement and use, systems administrators can easily manage and scale up the Parallels RAS farm without requiring 
specialized training. Because of its extensive feature list and multisite support, it’s possible to build solutions that meet the requirements 
of any enterprise, regardless of its size and scale. 


For more information, visit parallels.com/ras 
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